Merge pull request #514 from 1earch/fix-cuckoo2.0.7

Support for Cuckoo 2.0.7 and custom CA
TheHive-Project · Nov 16, 2019 · 2d46c20 · 2d46c20
2 parents 40145ac + f173d99
commit 2d46c20
Show file tree

Hide file tree

Showing 6 changed files with 185 additions and 13 deletions.
diff --git a/analyzers/CuckooSandbox/CuckooSandbox_File_Analysis.json b/analyzers/CuckooSandbox/CuckooSandbox_File_Analysis.json
@@ -16,13 +16,27 @@
       "multi": false,
       "required": true
     },
+    {
+      "name": "token",
+      "description": "API token",
+      "type": "string",
+      "multi": false,
+      "required": false
+    },
     {
       "name": "verifyssl",
       "description": "Verify SSL certificate",
       "type": "boolean",
       "multi": false,
       "required": true,
       "defaultValue": true
+    },
+    {
+      "name": "cert_path",
+      "description": "Path to the CA on the system used to check server certificate",
+      "type": "string",
+      "multi": false,
+      "required": false
     }
   ]
 }
diff --git a/analyzers/CuckooSandbox/CuckooSandbox_Url_Analysis.json b/analyzers/CuckooSandbox/CuckooSandbox_Url_Analysis.json
@@ -16,13 +16,27 @@
       "multi": false,
       "required": true
     },
+    {
+      "name": "token",
+      "description": "API token",
+      "type": "string",
+      "multi": false,
+      "required": false
+    },
     {
       "name": "verifyssl",
       "description": "Verify SSL certificate",
       "type": "boolean",
       "multi": false,
       "required": true,
       "defaultValue": true
+    },
+    {
+      "name": "cert_path",
+      "description": "Path to the CA on the system used to check server certificate",
+      "type": "string",
+      "multi": false,
+      "required": false
     }
   ]
 

diff --git a/analyzers/CuckooSandbox/cuckoosandbox_analyzer.py b/analyzers/CuckooSandbox/cuckoosandbox_analyzer.py
@@ -13,10 +13,11 @@ def __init__(self):
         Analyzer.__init__(self)
         self.url = self.get_param('config.url', None, 'CuckooSandbox url is missing')
         self.url = self.url + "/" if not self.url.endswith("/") else self.url
+        self.token = self.get_param('config.token', None, None)
         # self.analysistimeout = self.get_param('config.analysistimeout', 30*60, None)
         # self.networktimeout = self.get_param('config.networktimeout', 30, None)
-        self.verify = self.get_param('config.verifyssl', True, None)
-        if not self.verify:
+        self.verify_ssl = self.get_param('config.verifyssl', True, None)
+        if not self.verify_ssl:
             from requests.packages.urllib3.exceptions import InsecureRequestWarning
             requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
 
@@ -50,23 +51,36 @@ def run(self):
         Analyzer.run(self)
 
         try:
+            headers = dict()
+            if self.token and self.token != "":
+                headers['Authorization'] = "Bearer {0}".format(self.token)
 
             # file analysis
             if self.data_type == 'file':
                 filepath = self.get_param('file', None, 'File is missing')
                 filename = self.get_param('filename', basename(filepath))
                 with open(filepath, "rb") as sample:
                     files = {"file": (filename, sample)}
-                    response = requests.post(self.url + 'tasks/create/file', files=files, verify=self.verify)
-                task_id = response.json()['task_ids'][0] if 'task_ids' in response.json().keys() \
-                    else response.json()['task_id']
+                    response = requests.post(self.url + 'tasks/create/file', files=files, headers=headers, verify=self.verify_ssl)
+                if 'task_ids' in response.json().keys():
+                    task_id = response.json()['task_ids'][0]
+                elif 'task_id' in response.json().keys():
+                    task_id = response.json()['task_id']
+                elif response.status_code == 401:
+                    self.error("API token is required by this Cuckoo instance.")
+                else:
+                    self.error(response.json()['message'])
 
             # url analysis
             elif self.data_type == 'url':
                 data = {"url": self.get_data()}
-                response = requests.post(
-                    self.url + 'tasks/create/url', data=data, verify=self.verify)
-                task_id = response.json()['task_id']
+                response = requests.post(self.url + 'tasks/create/url', data=data, headers=headers, verify=self.verify_ssl)
+                if 'task_id' in response.json().keys():
+                    task_id = response.json()['task_id']
+                elif response.status_code == 401:
+                    self.error("API token is required by this Cuckoo instance.")
+                else:
+                    self.error(response.json()['message'])
 
             else:
                 self.error('Invalid data type !')
@@ -75,8 +89,7 @@ def run(self):
             tries = 0
             while not finished and tries <= 15:  # wait max 15 mins
                 time.sleep(60)
-                response = requests.get(
-                    self.url + 'tasks/view/' + str(task_id), verify=self.verify)
+                response = requests.get(self.url + 'tasks/view/' + str(task_id), headers=headers, verify=self.verify_ssl)
                 content = response.json()['task']['status']
                 if content == 'reported':
                     finished = True
@@ -85,8 +98,7 @@ def run(self):
                 self.error('CuckooSandbox analysis timed out')
 
             # Download the report
-            response = requests.get(
-                self.url + 'tasks/report/' + str(task_id) + '/json', verify=self.verify)
+            response = requests.get(self.url + 'tasks/report/' + str(task_id) + '/json', headers=headers, verify=self.verify_ssl)
             resp_json = response.json()
             list_description = [x['description'] for x in resp_json['signatures']]
             if 'suricata' in resp_json.keys() and 'alerts' in resp_json['suricata'].keys():
@@ -148,7 +160,7 @@ def run(self):
                 })
 
         except requests.exceptions.RequestException as e:
-            self.error(e)
+            self.error(str(e))
 
         except Exception as e:
             self.unexpectedError(e)

diff --git a/analyzers/catalog-devel.json b/analyzers/catalog-devel.json
@@ -306,6 +306,28 @@
       "type": "string",
       "multi": false,
       "required": true
+    },
+    {
+      "name": "token",
+      "description": "API token",
+      "type": "string",
+      "multi": false,
+      "required": false
+    },
+    {
+      "name": "cert_check",
+      "description": "Verify server certificate",
+      "type": "boolean",
+      "multi": false,
+      "required": true,
+      "defaultValue": true
+    },
+    {
+      "name": "cert_path",
+      "description": "Path to the CA on the system used to check server certificate",
+      "type": "string",
+      "multi": false,
+      "required": false
     }
   ],
   "dockerImage": "cortexneurons/cuckoosandbox_file_analysis_inet:devel"
@@ -329,6 +351,28 @@
       "type": "string",
       "multi": false,
       "required": true
+    },
+    {
+      "name": "token",
+      "description": "API token",
+      "type": "string",
+      "multi": false,
+      "required": false
+    },
+    {
+      "name": "cert_check",
+      "description": "Verify server certificate",
+      "type": "boolean",
+      "multi": false,
+      "required": true,
+      "defaultValue": true
+    },
+    {
+      "name": "cert_path",
+      "description": "Path to the CA on the system used to check server certificate",
+      "type": "string",
+      "multi": false,
+      "required": false
     }
   ],
   "dockerImage": "cortexneurons/cuckoosandbox_url_analysis:devel"

diff --git a/analyzers/catalog-stable.json b/analyzers/catalog-stable.json
@@ -306,6 +306,28 @@
       "type": "string",
       "multi": false,
       "required": true
+    },
+    {
+      "name": "token",
+      "description": "API token",
+      "type": "string",
+      "multi": false,
+      "required": false
+    },
+    {
+      "name": "cert_check",
+      "description": "Verify server certificate",
+      "type": "boolean",
+      "multi": false,
+      "required": true,
+      "defaultValue": true
+    },
+    {
+      "name": "cert_path",
+      "description": "Path to the CA on the system used to check server certificate",
+      "type": "string",
+      "multi": false,
+      "required": false
     }
   ],
   "dockerImage": "cortexneurons/cuckoosandbox_file_analysis_inet:1.1"
@@ -329,6 +351,28 @@
       "type": "string",
       "multi": false,
       "required": true
+    },
+    {
+      "name": "token",
+      "description": "API token",
+      "type": "string",
+      "multi": false,
+      "required": false
+    },
+    {
+      "name": "cert_check",
+      "description": "Verify server certificate",
+      "type": "boolean",
+      "multi": false,
+      "required": true,
+      "defaultValue": true
+    },
+    {
+      "name": "cert_path",
+      "description": "Path to the CA on the system used to check server certificate",
+      "type": "string",
+      "multi": false,
+      "required": false
     }
   ],
   "dockerImage": "cortexneurons/cuckoosandbox_url_analysis:1.1"

diff --git a/analyzers/catalog.json b/analyzers/catalog.json
@@ -306,6 +306,28 @@
       "type": "string",
       "multi": false,
       "required": true
+    },
+    {
+      "name": "token",
+      "description": "API token",
+      "type": "string",
+      "multi": false,
+      "required": false
+    },
+    {
+      "name": "cert_check",
+      "description": "Verify server certificate",
+      "type": "boolean",
+      "multi": false,
+      "required": true,
+      "defaultValue": true
+    },
+    {
+      "name": "cert_path",
+      "description": "Path to the CA on the system used to check server certificate",
+      "type": "string",
+      "multi": false,
+      "required": false
     }
   ],
   "dockerImage": "cortexneurons/cuckoosandbox_file_analysis_inet:1"
@@ -329,6 +351,28 @@
       "type": "string",
       "multi": false,
       "required": true
+    },
+    {
+      "name": "token",
+      "description": "API token",
+      "type": "string",
+      "multi": false,
+      "required": false
+    },
+    {
+      "name": "cert_check",
+      "description": "Verify server certificate",
+      "type": "boolean",
+      "multi": false,
+      "required": true,
+      "defaultValue": true
+    },
+    {
+      "name": "cert_path",
+      "description": "Path to the CA on the system used to check server certificate",
+      "type": "string",
+      "multi": false,
+      "required": false
     }
   ],
   "dockerImage": "cortexneurons/cuckoosandbox_url_analysis:1"